fwt

v1.0.6
Published: Dec 26, 2024 License: MIT Imports: 17 Imported by: 0

README

FastWebToken


A small, fast and simple JWT alternative that uses CBOR for serialization and EdDSA, HMAC, blake2b and blake3 for signing.

Structure

Header: 1 (SignatureType) + 8 (Payload size) bytes
Payload: Varies based on the Payload size
Signature: 32 bytes for HMACSha256, Blake2b256, blake3 or 64 bytes for Ed25519, HMACSha512, Blake2b512 or 114 bytes for Ed448

  1. Header: This begins with a single byte that determines the SignatureType. The next eight bytes are the size of the payload encoded in big endian.
  2. Payload: The payload, encoded in CBOR format. The size of the payload is specified in the header.
  3. Signature: This is either 32, 64 or 114 bytes depending on the SignatureType specified in the header.
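
The framing above can be checked against the sample token from the Sign example further down this page. The following Go code is an added example, not fwt's own code: `Frame`, `SplitToken` and `sigLen` are hypothetical names, standard base64 is assumed from the sample's alphabet, and only unencrypted tokens are handled. The sample's size bytes match its real length only when read little-endian, so the function accepts either byte order and reports which one matched.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
)

// Sample token copied from the Sign example output on this page.
const sample = "BkgAAAAAAAAApAEYKgJ4L3RoZSBhbnN3ZXIgdG8gbGlmZSwgdGhlIHVuaXZlcnNlIGFuZCBldmVyeXRoaW5nAxpK+fBwBEpzb21lIGJ5dGVzLGyZyWWGXpPeYV0KJphXT0ZNMf3KTzKvOdFjltylKoI="

// Signature lengths indexed by SignatureType, in the page's iota order.
var sigLen = []int{64, 114, 32, 64, 32, 64, 32}

// Frame is a hypothetical type for this example; it is not part of fwt.
type Frame struct {
	SigType            byte
	Order              string // byte order under which the size field matched
	Payload, Signature []byte // Payload is CBOR and still UNVERIFIED
}

// SplitToken frames an unencrypted token; it does not verify the signature.
func SplitToken(token string) (*Frame, error) {
	raw, err := base64.StdEncoding.DecodeString(token) // alphabet assumed from the sample
	if err != nil {
		return nil, err
	}
	if len(raw) < 9 || int(raw[0]) >= len(sigLen) || len(raw) < 9+sigLen[raw[0]] {
		return nil, errors.New("truncated token or unknown SignatureType")
	}
	// Take the payload length from the real buffer, never from the header alone.
	n := len(raw) - 9 - sigLen[raw[0]]
	f := &Frame{SigType: raw[0], Payload: raw[9 : 9+n], Signature: raw[9+n:]}
	switch uint64(n) {
	case binary.BigEndian.Uint64(raw[1:9]):
		f.Order = "big"
	case binary.LittleEndian.Uint64(raw[1:9]):
		f.Order = "little"
	default:
		return nil, errors.New("size field disagrees with token length")
	}
	return f, nil
}

func main() {
	f, err := SplitToken(sample)
	fmt.Printf("%+v %v\n", f, err)
}
```

Everything `SplitToken` returns is unauthenticated; the token still has to pass `Verifier.Verify` before the payload is trusted.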

Signature Types

  • Ed25519: RFC-8032 Ed25519 signature.
  • Ed448: RFC-8032 Ed448 signature.
  • HMACSha256: HMAC with SHA-256.
  • HMACSha512: HMAC with SHA-512.
  • Blake2b256: Blake2b with 256-bit output.
  • Blake2b512: Blake2b with 512-bit output.
  • Blake3: Blake3 with 256-bit output.

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewAESCBCDecrypter

func NewAESCBCDecrypter(key []byte) func([]byte) ([]byte, error)

NewAESCBCDecrypter creates a new decrypter using AES-CBC.

func NewAESCBCEncryptor

func NewAESCBCEncryptor(key []byte) func([]byte) ([]byte, error)

NewAESCBCEncryptor creates a new encryptor using AES-CBC.

func NewAESCTRDecrypter added in v1.0.2

func NewAESCTRDecrypter(key []byte) func([]byte) ([]byte, error)

NewAESCTRDecrypter creates a new decrypter using AES-CTR.

func NewAESCTREncryptor added in v1.0.2

func NewAESCTREncryptor(key []byte) func([]byte) ([]byte, error)

NewAESCTREncryptor creates a new encryptor using AES-CTR.

func NewAESECBDecrypter added in v1.0.2

func NewAESECBDecrypter(key []byte) func([]byte) ([]byte, error)

NewAESECBDecrypter creates a new decrypter using AES-ECB. Disclaimer: ECB is not secure, it must not be used in production. Please use AES-CBC or AES-GCM instead. See https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_codebook_(ECB).

func NewAESECBEncryptor added in v1.0.2

func NewAESECBEncryptor(key []byte) func([]byte) ([]byte, error)

NewAESECBEncryptor creates a new encryptor using AES-ECB. Disclaimer: ECB is not secure, it must not be used in production. Please use AES-CBC or AES-GCM instead. See https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_codebook_(ECB).

func NewAESGCMDecrypter added in v1.0.2

func NewAESGCMDecrypter(key []byte) func([]byte) ([]byte, error)

NewAESGCMDecrypter creates a new decrypter using AES-GCM.

func NewAESGCMEncryptor added in v1.0.2

func NewAESGCMEncryptor(key []byte) func([]byte) ([]byte, error)

NewAESGCMEncryptor creates a new encryptor using AES-GCM.

func NewBlake2b256Signer

func NewBlake2b256Signer(key []byte) func([]byte) ([]byte, error)

NewBlake2b256Signer creates a new signer using blake2b-256 with a key. If the key is longer than 64 bytes, it will be hashed with blake2b-512.

func NewBlake2b256Verifier

func NewBlake2b256Verifier(key []byte) func([]byte, []byte) error

NewBlake2b256Verifier creates a new verifier using blake2b-256 with a key. If the key is longer than 64 bytes, it will be hashed with blake2b-512.

func NewBlake2b512Signer

func NewBlake2b512Signer(key []byte) func([]byte) ([]byte, error)

NewBlake2b512Signer creates a new signer using blake2b-512 with a key. If the key is larger than 64 bytes, it will be hashed with blake2b-512.

func NewBlake2b512Verifier

func NewBlake2b512Verifier(key []byte) func([]byte, []byte) error

NewBlake2b512Verifier creates a new verifier using blake2b-512 with a key. If the key is larger than 64 bytes, it will be hashed with blake2b-512.

func NewBlake3Signer

func NewBlake3Signer(key []byte) func([]byte) ([]byte, error)

NewBlake3Signer creates a new signer using blake3 with a key. If the key is not 32 bytes, it will be hashed with blake3.

func NewBlake3Verifier

func NewBlake3Verifier(key []byte) func([]byte, []byte) error

NewBlake3Verifier creates a new verifier using blake3 with a key.

func NewEd25519Signer

func NewEd25519Signer(key ed25519.PrivateKey) func([]byte) ([]byte, error)

NewEd25519Signer creates a new signer using Ed25519 with ed25519.PrivateKey.

func NewEd25519Verifier

func NewEd25519Verifier(key ed25519.PublicKey) func([]byte, []byte) error

NewEd25519Verifier creates a new verifier using Ed25519 with ed25519.PublicKey.

func NewEd448Signer

func NewEd448Signer(key ed448.PrivateKey, context ...string) func([]byte) ([]byte, error)

NewEd448Signer creates a new signer using Ed448 with ed448.PrivateKey. context is optional and defaults to fwt.defaultCtx. Please refer to https://tools.ietf.org/html/rfc8032#section-5.2.6 for more information.

func NewEd448Verifier

func NewEd448Verifier(key ed448.PublicKey, context ...string) func([]byte, []byte) error

NewEd448Verifier creates a new verifier using Ed448 with ed448.PublicKey. context is optional and defaults to fwt.defaultCtx. Please refer to https://tools.ietf.org/html/rfc8032#section-5.2.6 for more information.

func NewHMACSha256Signer

func NewHMACSha256Signer(key []byte) func([]byte) ([]byte, error)

NewHMACSha256Signer creates a new signer using HMAC-SHA256 with a key.

func NewHMACSha256Verifier

func NewHMACSha256Verifier(key []byte) func([]byte, []byte) error

NewHMACSha256Verifier creates a new verifier using HMAC-SHA256 with a key.

func NewHMACSha512Signer

func NewHMACSha512Signer(key []byte) func([]byte) ([]byte, error)

NewHMACSha512Signer creates a new signer using HMAC-SHA512 with a key.

func NewHMACSha512Verifier

func NewHMACSha512Verifier(key []byte) func([]byte, []byte) error

NewHMACSha512Verifier creates a new verifier using HMAC-SHA512 with a key.

func NewHPKEDecrypter added in v1.0.2

func NewHPKEDecrypter(key kem.PrivateKey, suite hpke.Suite, info ...string) func([]byte) ([]byte, error)

NewHPKEDecrypter creates a new decrypter using HPKE. Experimental, not recommended for production use.

func NewHPKEEncryptor added in v1.0.2

func NewHPKEEncryptor(key kem.PublicKey, suite hpke.Suite, info ...string) func([]byte) ([]byte, error)

NewHPKEEncryptor creates a new encryptor using HPKE. Experimental, not recommended for production use.

func NewXChaCha20PolyDecrypter

func NewXChaCha20PolyDecrypter(key []byte) func([]byte) ([]byte, error)

NewXChaCha20PolyDecrypter creates a new decrypter using XChaCha20-Poly1305.

func NewXChaCha20PolyEncryptor

func NewXChaCha20PolyEncryptor(key []byte) func([]byte) ([]byte, error)

NewXChaCha20PolyEncryptor creates a new encryptor using XChaCha20-Poly1305.

func SetDecoder added in v1.0.4

func SetDecoder(dec cbor.DecMode)

SetDecoder sets a custom CBOR decoder.

func SetEncoder added in v1.0.4

func SetEncoder(enc cbor.EncMode)

SetEncoder sets a custom CBOR encoder.

Types

type SignatureType

type SignatureType int

SignatureType is the type of signature.

const (
	// SignatureTypeEd25519 is the signature type of Ed25519.
	SignatureTypeEd25519 SignatureType = iota
	// SignatureTypeEd448 is the signature type of Ed448.
	SignatureTypeEd448
	// SignatureTypeHMACSha256 is the signature type of HMAC-SHA256.
	SignatureTypeHMACSha256
	// SignatureTypeHMACSha512 is the signature type of HMAC-SHA512.
	SignatureTypeHMACSha512
	// SignatureTypeBlake2b256 is the signature type of blake2b-256.
	SignatureTypeBlake2b256
	// SignatureTypeBlake2b512 is the signature type of blake2b-512.
	SignatureTypeBlake2b512
	// SignatureTypeBlake3 is the signature type of blake3.
	SignatureTypeBlake3
)

Signature types.

type Signer

type Signer struct {
	// contains filtered or unexported fields
}

Signer is a token factory & signer.

func NewSigner

func NewSigner(signer func([]byte) ([]byte, error), encryptor func([]byte) ([]byte, error), signatureType SignatureType) *Signer

NewSigner creates a new signer. signer is a function that takes the marshaled data and returns a signature. encryptor is an optional function that takes a token and returns an encrypted token. signatureType is the type of signature and must match the signer.

func (*Signer) Sign

func (s *Signer) Sign(data any) (string, error)

Sign signs the data and returns a signed token. If encryptor is set, the token will be encrypted.

Example
HMACKey := []byte("00000000000000000000000000000000")
signer := NewSigner(NewBlake3Signer(HMACKey), nil, SignatureTypeBlake3)
token, err := signer.Sign(testStruct)
if err != nil {
	panic(err)
}
fmt.Println(token)
Output:

BkgAAAAAAAAApAEYKgJ4L3RoZSBhbnN3ZXIgdG8gbGlmZSwgdGhlIHVuaXZlcnNlIGFuZCBldmVyeXRoaW5nAxpK+fBwBEpzb21lIGJ5dGVzLGyZyWWGXpPeYV0KJphXT0ZNMf3KTzKvOdFjltylKoI=

type Verifier

type Verifier struct {
	// contains filtered or unexported fields
}

Verifier is a token verifier.

func NewVerifier

func NewVerifier(verifier func([]byte, []byte) error, decrypter func([]byte) ([]byte, error), signatureType SignatureType) *Verifier

NewVerifier creates a new verifier. verifier is a function that takes the marshaled data and a signature and returns an error if the signature is invalid. decrypter is an optional function that takes a token and returns a decrypted token. signatureType is the type of signature and must match the verifier.

func (*Verifier) Verify

func (v *Verifier) Verify(token string) error

Verify verifies the token.

Example
HMACKey := []byte("00000000000000000000000000000000")
verifier := NewVerifier(NewBlake3Verifier(HMACKey), nil, SignatureTypeBlake3)
if err := verifier.Verify("BkgAAAAAAAAApAEYKgJ4L3RoZSBhbnN3ZXIgdG8gbGlmZSwgdGhlIHVuaXZlcnNlIGFuZCBldmVyeXRoaW5nAxpK+fBwBEpzb21lIGJ5dGVzLGyZyWWGXpPeYV0KJphXT0ZNMf3KTzKvOdFjltylKoI="); err != nil {
	panic(err)
}
fmt.Println("token is valid")
Output:

token is valid

func (*Verifier) VerifyAndUnmarshal

func (v *Verifier) VerifyAndUnmarshal(token string, dst any) error

VerifyAndUnmarshal verifies the token and unmarshals the data into dst.

Example
HMACKey := []byte("00000000000000000000000000000000")
verifier := NewVerifier(NewBlake3Verifier(HMACKey), nil, SignatureTypeBlake3)
result := new(TestStruct)
if err := verifier.VerifyAndUnmarshal("BkgAAAAAAAAApAEYKgJ4L3RoZSBhbnN3ZXIgdG8gbGlmZSwgdGhlIHVuaXZlcnNlIGFuZCBldmVyeXRoaW5nAxpK+fBwBEpzb21lIGJ5dGVzLGyZyWWGXpPeYV0KJphXT0ZNMf3KTzKvOdFjltylKoI=", result); err != nil {
	panic(err)
}
fmt.Printf("A: %d, B: %s, C: %s, D: %s", result.A, result.B, result.C.UTC().Format("2006-01-02"), result.D)
Output:

A: 42, B: the answer to life, the universe and everything, C: 2009-11-10, D: some bytes

Directories

Path Synopsis
internal
